- *BASICS*
- The Knox Ecosystem
- Samsung Knox Portal
- Knox Cloud Services
- General Knox Support
- Knox Licenses
- *FOR IT ADMINS*
- Knox Suite
- Knox Platform for Enterprise
- Introduction
- White paper
- Before you begin
- Get started with UEMs
- Introduction
- Blackberry UEM
- IBM MaaS360
- Microsoft Intune
- MobileIron Cloud
- MobileIron Core
- Samsung Knox Manage
- SOTI MobiControl
- VMware Workspace ONE UEM
- Knox Service Plugin
- Release notes
- Migrate to Android 11
- FAQs
- Troubleshoot
- KBAs
- Knox Mobile Enrollment
- Introduction
- Get started
- Features
- Register resellers
- Add an admin
- Create profiles
- Google device owner support
- MDM compatibility matrices
- Device users
- Activity log
- Enroll and unenroll devices
- Configure devices
- Provide KME feedback
- Use the Knox Deployment App (KDA)
- Recover Google FRP locked devices using KME
- Role-based access control (RBAC)
- Release notes
- FAQs
- Troubleshoot
- KBAs
- Knox Configure
- Mobile
- Wearables
- Shared Device
- Knox Capture
- Introduction
- How it works
- How-to videos
- IT admins: Get started
- Getting started with Knox Capture
- Step 1: Launch Knox Capture
- Step 2: Create a scanning profile
- Step 3: Select apps and activities
- Step 4: Configure the scanner
- Step 5: Set keystroke output rules
- Step 6: Test apps in your configuration
- Step 7: Share your configuration
- Step 8: Deploy Knox Capture in Managed mode
- End users: Get started
- Features
- Release notes
- FAQs
- Troubleshoot
- Knox Manage
- Introduction
- How-to videos
- Get started
- Configure
- Licenses
- Organization
- Users
- Sync user information
- Groups
- Devices
- Content
- Applications
- Profile
- Knox E-FOTA
- Certificates
- Advanced settings
- Monitor
- Kiosk devices
- Remote Support
- Active Directory
- Microsoft Exchange
- Mobile Admin
- Appendix
- Release notes
- FAQs
- KBAs
- Knox E-FOTA
- Introduction
- White paper
- Knox E-FOTA One
- Introduction
- How-to videos
- Get started
- Features
- EMM integration
- Appendix
- Release notes
- FAQs
- Troubleshoot
- KBAs
- Migrate from Knox E-FOTA Advanced to Knox E-FOTA One
- Knox E-FOTA Advanced
- Knox E-FOTA on MDM
- Samsung Care+ for Business
- *FOR RESELLERS*
- Knox Deployment Program
- *FOR MANAGED SERVICE PROVIDERS*
- Knox MSP Program
Knox White Paper
Knox supports advanced device configurations tailored to the defense industry. A single Knox setting can apply many of the settings needed to put the device into a compliant state. This setting, called Common Criteria Mode or CC Mode, helps simplify the task of correctly configuring a device for deployments that must meet defense-grade security requirements. The Common Criteria for Information Technology Security Evaluation, commonly referred to as Common Criteria, is an internationally-recognized standard for defining security objectives of information technology products and for evaluating vendor compliance with these objectives. A number of Governments use Common Criteria as the basis for their own certification schemes.
Select Samsung Galaxy devices with the Knox Platform embedded received Common Criteria (CC) certification. The current CC certification targets the new Mobile Device Fundamentals Protection Profile (MDFPP) of the National Information Assurance Partnership (NIAP), which addresses the security requirements of mobile devices for use in enterprise. Samsung Knox is approved by the United States Government as the first NIAP-validated consumer mobile devices to handle the full range of classified information.
An IT admin can enable the device to be placed into the Common Criteria configuration. When enabled, the device:
- Blocks bootloader download mode, the manual method for software updates
- Mandates additional key zeroization on key deletion
- Prevents non-authenticated Bluetooth connections
- Requires that FOTA updates have a 2048-bit RSA-PSS signature
- Uses many other security settings
While other optional configuration steps are still recommended on top of Common Criteria Mode, the value is clear: simplifying the correct configuration of endpoints for high-security deployments saves time and prevents mistakes that can lead to misconfigurations and added security risks.
More information
Refer to the following Knowledge Base Articles for details about:
